Information Technology Audit

An information technology (IT) audit or '''information systems (IS) audit''' is an examination of the controls within an entity's Information Technology Infrastructure . These reviews may be performed in conjunction with a Financial Statement Audit , Internal Audit , or other form of attestation engagement.
Formerly called an Electronic Data Processing (EDP) audit, an IT audit is the process of collecting and evaluating evidence of an organization's Information System s, practices, and operations. Obtained evidence evaluation can ensure whether the organization's information systems safeguard assets, maintains Data Integrity , and is operating effectively and efficiently to achieve the organization's goals or objectives.

IT audits are also known as automated data processing (ADP) audits and computer audits.

PURPOSE

An IT audit is similar to a financial statement audit in that the study and evaluation of the basic elements of internal control are the same. However, the purpose of a financial statement audit is to determine whether an organization's Financial Statements and financial condition are presented fairly in accordance with Generally Accepted Accounting Principles (GAAP). Regarding Potection-of-Information-Assets, one purpose of an IT audit is to review and evaluate an organization's information system's availability, confidentiality, and integrity by answering questions such as:

Will the organization's computer systems be available for the business at all times when required? (Availability)

Will the information in the systems be disclosed only to authorized users? (Confidentiality)

Will the information provided by the system always be accurate, reliable, and timely? (Integrity).

Besides, the availability, confidentiality and integrity of information systems receiving IT auditor consideration; it has been suggested by other authors that information system utility, possession and authenticity also be considered by answering questions such as:

Will the organization's computer system provide useful information when required? (Utility)

Will the physical aspects of the organization's computer systems be protected from the threat of theft? (Possession)

Will the information provided by the system always be genuine, original without unauthorized change? (Authenticity).

TYPES OF IT AUDITS

Computerized Systems and Applications: an audit to verify that systems and applications are appropriate to the entity's needs, is efficient, and adequately controlled to ensure valid, reliable, timely, and secure input, processing, and output at all levels of a system's activity.

Information Processing Facilities: an audit to verify that the processing facility is controlled to ensure timely, accurate, and efficient processing of applications under normal and potentially disruptive conditions.

Systems Development: an audit to verify that the systems under development meets the objectives of the organization, and ensures the systems are developed in accordance with generally accepted standards for Systems Development .

Management of IT and Enterprise Architecture: an audit to verify that IT management has developed an organizational structure and procedures to ensure a controlled and efficient environment for Information Processing .

Client/Server, connecting the clients and servers.

IT AUDIT PROCESS

See Also: Information Technology Audit Process

The following are basic steps in performing the Information Technology Audit Process :

# Planning
# Studying and Evaluating Controls
# Testing and Evaluating Controls
# Reporting
# Follow-up

HISTORY OF IT AUDITING

See Also: history of information technology auditing

The concept of IT auditing was formed in the mid-1960's and has gone through numerous changes due to advances in technology and the incorporation of technology into business.

IT AUDIT TOPICS

Regulations and Legislation Related to IT Audits

Several information technology audit related laws and regulations have been introduced since 1977. These include the Gramm Leach Bliley Act, the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act, the London Stock Exchange Combined Code, King II , and the Foreign Corrupt Practices Act.

Health Insurance Portability And Accountability Act (HIPPA)

Gramm-Leach-Bliley Act (GLBA)

Sarbanes-Oxley Act (SOX)

Foreign Corrupt Practices Act (FCPA)

Companies with Sarbanes-Oxley certification delays and material weaknesses caused by IT issues:

Captaris Inc. - material weakness and filing delay due to inadequate internal controls and related IT controls per SOX requirements

Cray Inc. - numerous material weaknesses in internal control over financial reporting, specifically, inadequate review of third-party contracts and lack of software application controls and documentation

Security

See Also: Auditing information security

Auditing Information Security is a vital part of any IT audit. Within the broad scope of auditing information security we find topics such as Data Centers , Networks and Application Security . Auditing information security covers topics from auditing the physical security of data centers to auditing the logical security of databases and highlights key components to look for and different methods used for auditing these areas. It is important to remember that in this ever expanding technical realm these things are always changing and as such IT auditors must continue to expand their knowledge and understanding of systems and the systems environment to help verify and ensure information security.

EVALUATING IT AUDIT PERSONNEL QUALIFICATIONS

There is no pre-defined skill set that is required when evaluating the qualifications of IT audit personnel. Since Auditor s will be responsible for evaluating the controls affecting the recording and safekeeping of Asset s, it is recommended that IT personnel have detail knowledge regarding Information Systems with a general understanding of Accounting principles. Usually, it is desirable that IT audit personnel have received or qualify to receive the CA, CIA, CISA, or CPA credential.

Employees involved in IT audits

Board Of Directors

Senior Management

Audit Management

External Audit Staff

Internal Audit Staff

Operations Managers

Professional Certification s of note

Certified Information System Auditor (CISA)

Certified Internal Auditor (CIA)

Certified Computer Professional (CCP)

Certified Information Systems Security Professional (CISSP)

Certified Information Security Manager (CISM)

Certified Public Accountant (CPA)

Chartered Accountant (CA)

EMERGING ISSUES

Technology changes rapidly and so do the issues IT auditors must face. From biometric retinal scans to protecting physical security to transmitting data from a cell phone, this issue is truly limited only to one’s imagination.

SEE ALSO

IT Audit Resources

Famous IT Auditors & Experts

Information Technology Audit - Operations

Ethical Hacking - Operations

Operations

Backup Systems And Recovery

Change Management Auditing

Software Development Life Cycle auditing

Helpdesk And Incident Reporting Auditing

SAS 70

Disaster Recovery And Business Continuity Auditing

Auditing systems, applications and networks

Operating System Audit

Mainframe Audit

Database Audit

Enterprise Resource Planning Audit

Systems Applications Products Audit

Computer Forensics

Computer Forensics

Data Analysis

Irregularities and Illegal Acts

ISACA Standard-S9 Irregularities and Illegal Acts

AICPA Standard- SAS 99 Consideration of Fraud in a Financial Statement Audit

Computer Fraud Case Studies

EXTERNAL LINKS

A career as Information Systems Auditor , by Avinash Kadam (Network Magazine)

Did IT Auditing Forget The Foreign Corrupt Practices Act? , by Robert E. Davis (ITAudit Magazine)

IT Auditing: An Adaptive Process , by Robert E. Davis

Federal Financial Institutions Examination Council (FFIEC)

Information Systems Audit & Control Association (ISACA)

	CATEGORIES ABOUT INFORMATION TECHNOLOGY AUDIT

	information technology auditinformation technology audit

	computer security procedures

	auditing

	APPAREL
	BABY
	BEAUTY
	BOOKS
	CAR TOYS
	CELL PHONES
	DVD'S
	ELECTRONICS
	GOURMET FOOD
	GROCERIES
	HEALTH & PERSONAL
	HOME & GARDEN
	JEWELRY
	MUSIC
	MUSIC INSTRUMENTS
	OFFICE PRODUCTS
	SOFTWARE
	SPORTING GOODS
	TOOLS & HARDWARE
	TOYS
	VIDEO GAMES
	SHOPPING HOME

	MORE SHOPPING...

Information About

Information Technology Audit